Samsung Galaxy devices can be hacked into a crash and reboot loop which leaves their owners with no option but to perform a factory reset.
Samsung Galaxy Devices Hacked Via SMS
Security experts Tom Court and Neil Biggs discovered a very serious SMS-based attack affecting several Samsung Galaxy phones. The vulnerabilities allow remote attackers to send SMS messages that cause a state of repeated crashes and reboots, which can only be remedied by a forced factory reset. This leads to user data loss, as the procedure erases everything on the phone’s internal storage.
The problem was discovered in the implementation of the WAP (Wireless Application Protocol) layer. This technology transports data between endpoints using specific ports. It can be used over a variety of different protocols and channels, including SMS messages.
The WAP Push notification is transported via this layer and allows various content to be uploaded to remote devices with very little user intervention. All transported data is encoded in a WAP Binary XML format which is very efficient for computer programmers.
WAP Bugs Affect Samsung Galaxy Devices
This is an old technology that can potentially receive and process arbitrary data and commands without user interaction. The specifications of the technology are fairly simple to master. The disturbing fact is that the OMA CP protocol can be used with it: this is the Open Mobile Alliance Client Provisioning protocol, which is used for remote device configuration. The researchers used Samsung Galaxy devices as a proof of concept for possible abuse; however, other vendors are probably affected as well. The team managed to deliver messages and execute arbitrary commands without using any authentication methods.
These methods can be used to eavesdrop on conversations and steal valuable data, along with various forms of remote code execution. Criminals can use these commands to carry out malware infections and sabotage the devices.
A proof-of-concept attack caused a remote denial-of-service (DoS) condition on the target devices. The only way to fix the resulting reboot loop is to force a factory reset, which results in the loss of all user data. Criminal hackers can also use extortion tactics to make the victims pay for the restoration of their devices.
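A defensive triage check for the delivery path described above, as an added example that is not from the researchers' write-up: it classifies SMS user data as a WAP Push carrying OMA CP and reports whether the push header carries the SEC and MAC security parameters, rejecting truncated input instead of trusting its length fields. The port number and WSP codes come from the public WAP/OMA assignments rather than from this article, the function names and sample bytes are constructed here, and the caller is assumed to pass only messages that actually carry a user data header.

```python
WAP_PUSH_PORT = 2948      # IANA-registered "wap-push" port (assumption: not on the page)
CT_OMA_CP_WBXML = 0x36    # WSP code for application/vnd.wap.connectivity-wbxml
PARAM_SEC, PARAM_MAC = 0x91, 0x92   # WSP parameter codes 0x11/0x12, short-integer encoded
UNSIGNED = bytes.fromhex("0605040b8423f0" "010601b6")   # constructed: headers only
SIGNED = bytes.fromhex("0605040b8423f0" "01062f1f2db6918192") + b"0" * 40 + b"\x00"

def uintvar(buf, i):
    """Decode a WSP uintvar at buf[i]; return (value, index after it)."""
    val = 0
    while True:
        val, i = (val << 7) | (buf[i] & 0x7F), i + 1
        if not buf[i - 1] & 0x80:
            return val, i

def dest_port(udh):
    """Walk the UDH information elements; return the 16-bit destination port."""
    i = 0
    while i + 2 <= len(udh):
        iei, n = udh[i], udh[i + 1]
        if iei == 0x05 and n == 4:      # application port addressing, 16-bit
            return int.from_bytes(udh[i + 2:i + 4], "big")
        i += 2 + n
    return None

def classify(tp_ud):
    """Classify SMS user data; checks SEC/MAC presence only, not MAC validity."""
    try:
        udhl = tp_ud[0]
        if dest_port(tp_ud[1:1 + udhl]) != WAP_PUSH_PORT:
            return "not-wap-push"
        wsp = tp_ud[1 + udhl:]
        if wsp[1] != 0x06:              # WSP PDU type 0x06 = Push
            return "other-push"
        _, i = uintvar(wsp, 2)          # skip HeadersLen; Content-Type follows
        media, params = None, b""       # media stays None for a textual type
        if wsp[i] & 0x80:               # short form: media code, no parameters
            media = wsp[i] & 0x7F
        elif wsp[i] <= 31:              # value-length form: media + parameters
            n, i = uintvar(wsp, i + 1) if wsp[i] == 31 else (wsp[i], i + 1)
            media, params = (wsp[i] & 0x7F if wsp[i] & 0x80 else None), wsp[i + 1:i + n]
        if media != CT_OMA_CP_WBXML:
            return "other-push"
        seen, j = set(), 0
        while j < len(params) and params[j] in (PARAM_SEC, PARAM_MAC):
            seen.add(params[j])         # SEC: one-byte value; MAC: NUL-terminated text
            j = j + 2 if params[j] == PARAM_SEC else params.index(0, j) + 1
    except (IndexError, ValueError):
        return "malformed"              # truncated or inconsistent lengths: reject
    return "oma-cp-signed" if seen == {PARAM_SEC, PARAM_MAC} else "oma-cp-unsigned"
```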
Here is a timeline of the vulnerability patch process:
17th June 2016 – Issues disclosed to vendor
21st June 2016 – Received acknowledgement from vendor
28th June 2016 – Received request for further details on one of the bugs
14th July 2016 – Received notification that all but one bug had been fixed
23rd August 2016 – Received notification from vendor that all issues are fixed and that patch would be released in October
7th October 2016 – Received notification from vendor that patch is delayed until Nov 7th.
7th November 2016 – Patches released
For more information you can read the in-depth research blog post.